shiro

问题 As part of my new years learning new technologies initiative I have started messing around with the Apache Shiro Security Framework. I managed to get the basic example working which stores usernames, passwords and roles in the shiro.ini file, but when I modified my shiro.ini file to use JDBC it just stopped working. I now keep getting prompted for my username and password when trying to access my application. I've kept it as simple as possible (the passwords aren't even hashed). Below is my

问题 Might be just me, but I have a hard time understanding how to secure just some of the pages in a Grails application with the Shiro Plugin. I use this in my security filter: class SecurityFilters { def filters = { all(uri: "/**") { before = { // Ignore direct views (e.g. the default main index page). if (!controllerName) return true // Access control by convention. accessControl ( auth:false) } } } } and I have created a user in my bootstrap: def adminRole = new Role(name: "Administrator")

问题 We're working with Apache Shiro for our user authentication on glassfish 4. We've run into an issue where any changes to the shiro.ini file don't properly get implemented. No matter how many times we push, even if we clean and build first, the system acts like it is using the old version of the .ini file. The only fix is to take everything off of glassfish, wipe it clean, and then a new install will work. This solution is obviously untenable, is there something we are missing? I'd like to

问题 Good afternoon guys! I have a project in JSF that uses Apache Shiro Authentication. The login method works fine, but the logout method throw UnknownSessionException. Here is my dependencies on pom.xml(Maven): <!-- https://mvnrepository.com/artifact/org.apache.shiro/shiro-core --> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-core</artifactId> <version>1.3.2</version> </dependency> <!-- https://mvnrepository.com/artifact/org.apache.shiro/shiro-web --> <dependency> <groupId

问题 The usual way of authenticating user is to invoke: SecurityUtils.subject.login(new UsernamePasswordToken(params.username, params.password)) However, what if I would like to log him in automagically, without necessity of typing username and password? I have created method in userService like this: def logIn(User user){ Object userIdentity = user.email String realmName = "ShiroDbRealm"; PrincipalCollection principals = new SimplePrincipalCollection(userIdentity, realmName); Subject subject =

问题 For further background, see http://grails.markmail.org/message/62w2xpbgneapmhpd I'm trying to mock out the Shiro SecurityUtils.getSubject() method in my BootStrap.groovy. I decided on this approach because the Subject builder in the latest Shiro version isn't available in the current version of the Nimble plugin (which I'm using). I decided to try playing with the SecurityUtils.metaClass but I have a feeling I'm missing something very fundamental about how metaClasses work. For reference,

问题 SEVERE: A child container failed during start java.util.concurrent.ExecutionException: org.apache.catalina.LifecycleException: Failed to start component [StandardEngine[Catalina].StandardHost[localhost].StandardContext[/EasyShiroWeb]] at java.util.concurrent.FutureTask$Sync.innerGet(Unknown Source) at java.util.concurrent.FutureTask.get(Unknown Source) at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:1123) at org.apache.catalina.core.StandardHost.startInternal

问题 Very very basic question. Is there a way to specify the package (when doing shiro-quick-start) where to place ShiroUser and ShiroRole classes at? By default they are placed at grails-app/domain/ and I want them at /grails-app/domain/com/bla/bla. Netbeans' refactoring tool is useless when trying to move those classes. Thanks. 回答1: Well it doesn't seem possible to have it out of the box. You might have a temporary solution that consists in: Install shiro plugin as an inplace plugin (see here) :

问题 I am using MongoDB with Spring, and Apache Shiro for session management. Since I encountered the same issue mentioned in this question, I resorted to using MongoTemplate directly instead of extending MongoRepository for implementing Realm class required by Shiro. This realm is simply a DAO that deals with MongoDB for user & role persistence. At the moment, I have a strange issue with the Bean Definition XML. It throws an SAXParserException, and I cannot comprehend why. I have provided some